Who's got visible projects looking to detect this from various points/regimes on the internet?
(University of Toronto's IXMaps group whom I advised a few times over the years did something similar for routes, not that BGPlay isnt out there, but they translated it into human as a sociology project - borne of the Carnivore era. https://www.ixmaps.ca/ ) Im glad no one said Namecoin yet. Oops. /kc On Thu, Mar 29, 2018 at 04:26:47PM +0000, Baldur Norddahl said: >> >> >> Technically, tweaking your DNS resolver to lie (and/or to log) is much >> easier and faster (and waaaaay less expensive) than setting up a >> packet interception and rewriting device at line rate. >> > >It is just a static /32 route for well known DNS resolvers to the ISP >resolver. It is free and trivial. To make your resolver reply with the >correct IP you simply add all the well known /32 addresses to the localhost >interface. > >To get any service instead of just well known ones, you can use source >routing based on the port nummer 53. Direct this to a Linux server that >will NAT the traffic towards the ISP DNS. This is also trivial and free, >provided your routers support source routing (ours do). > >Detectable yes, but also hard to escape for the average user. They will >need to go full VPN. Running your own resolver will not work. > >Regards > >Baldur -- Ken Chase - m...@sizone.org Guelph Canada
